Skip to content

Verifiable CodeQL analysis #679

Verifiable CodeQL analysis

Verifiable CodeQL analysis #679

name: "Verifiable CodeQL analysis"
on:
workflow_dispatch:
push:
branches:
- main
- develop
# pull_request:
# branches:
# - main
# paths-ignore:
# - "**.md"
schedule:
# A daily build to check all is still functioning.
- cron: "0 0 * * *"
jobs:
analyze:
name: CodeQL Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, windows-latest, macos-latest ]
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: 'csharp'
queries: security-and-quality
- name: Setup .NET 7.* SDK
uses: actions/setup-dotnet@v3
with:
dotnet-version: '7.*'
- name: Autobuild
if: ${{ github.actor != 'dependabot[bot]' }}
uses: github/codeql-action/autobuild@v2
- name: CodeQL Analysis
if: ${{ github.actor != 'dependabot[bot]' }}
uses: github/codeql-action/analyze@v2
timeout-minutes: 100